Intrusion Detection and Prevention (IDP)/Antispam/Antivirus/Content filtering services to protect ransomware.

1. 11
How useful are
IDP/Antispam/Antivirus/Content
filtering services to protect ransomware ?
Bhairave Maulekhi
Assistant Manager-technology
Zyxel Technology Pvt. Ltd

2. 2
Big Numbers of 2016
Source: KasperskyLab

3. 3Source: KasperskyLab

4. 4
Agenda
01
Ransomware
Introduction
02
How USG Stops
Ransomware
Something You Need to
Know
USG Provides Comprehensive
Protection

5. 5
What is Ransomware?
• Ransomware is a type of malware that
prevents or limits users from accessing
their system.
• Encrypted system/file is the typical way
Ransomware did.
• This type of malware forces its victims
to pay the ransom through certain
online payment methods in order to
grant access to their systems, or to get
their data back.

6. 6
Common Behaviors of Ransomware
• When hit, it offers users the option of
decrypting 5 files for free—as proof that
decryption is possible.
• Users are also given 96 hours, instead of
72 hours, to pay the ransom fee which
ranges from $500~$1,000.
• In some case, infection could occur
through embedded URL over email or
compromised web site with drive-by
download technics.
TeslaCrypt Ransom Page / Source: Google Search

7. 7
7ev3n-HONE$T Ransom Page / Source: Google Search

8. 8
2016 Ransom Cases
Source: TheHackerNews.com

9. 9
• Once again the heat was felt by the
Los Angeles Valley College (LAVC)
when hackers managed to infect its
computer network with ransomware
and demanded US$28,000 payment
in Bitcoins to get back online.
• The cyber-attack occurred over
winter break and caused
widespread disruption to online,
financial aid, email and voicemail
systems, including locking out 1,800
students and staffs from their
computers.
Source: TheHackerNews.com
2017 Ransom Case

10. 10
Typical Threat Infection Method

11. 11
How Ransomware works?
1. Spear-phishing email
2. User opens email 3-1. Fake attached file is executed
4. Files encrypted5. Ransom message is displayed
6. Damage occurred

12. 1212
How USG Stops Ransomware

13. 13
USG provides Comprehensive Protection
1). Anti-Spam stops
phishing email
2). Content Filter stops user
to open unsafe/malicious
link (from email)
3). Anti-Virus protects
user not to download
malware-infected files
4). IDP detects and stops
Ransomware attempting to
contact CC&C

14. 1414
E-mail is an indispensable form of communication that has made its way into every aspect of
our modern lives. However, statistics show that more than 70 percent of all e-mail is spam,
and more than 90 percent of spam carries some form of malware. To defend against spam,
malware, and phishing attacks, it is essential to deploy effective anti-spam technology. With
that in mind, Zyxel Anti-Spam leverages a cloud-based pre-perimeter defence system to
protect your e-mail from malware.
Different from the traditional mail server, the UTM Anti-Spam Service can filter out malware
and spam to provide the most thorough protection for any end point under an internal
network. Zyxel Anti-Spam service reduces unsolicited e-mail and increases business
productivity by allowing you to block spam on the network edge, thereby unburdening your
e-mail servers.
Anti-Spam
E-mail is the most common method and starting point of attacks aiming at organizations. Anti-Spam detects
and filters spam e-mails with comprehensive, multi-layered protections.

15. 15
Anti-Spam Secured Email In-&-Out
• Enable reputation-based email protection
• Ransomware usually uses spear-phishing emails as 1st step
• Zyxel Anti-Spam protects your network not only from spam as well from
suspicious emails
• Real time protection from cloud-based automated sharing and updating

16. 1616
Content Filtering 2.0
We protect your business from undesirable access to malicious, hacked or inappropriate websites with
technologies such as URL filtering, HTTPS domain filter, safe search and GeoIP blocking.
While nobody would dispute that the Internet is an indispensable tool for business, there exist many
malicious sites that would trap users, potentially infecting systems with viruses or installing spyware when
carelessly accessed. An efficient solution is necessary for administrators to manage web access and control
traffic when employees access websites. ZyXEL Content Filtering is a fully integrated security subscription
service protecting networks against malicious attacks from rogue websites while helping administrators
manage and control user access.
Content Filtering 2.0 is introduced with improving visibility and detection coverage. It includes URL
filtering, HTTPS domain filter, safe search and GeoIP blocking. Now you can upgrade to Content Filtering
2.0 with the USG/ZyWALL ZLD 4.20 firmware and enjoy the new features that are strongly required by
education and other sectors for safe Internet browsing and better detection coverage.

17. 17
Content Filter Secured Web Connection
• Enable protection on accessing every URL
• When user clicks on the link in emails and attempt to connect, those URL should
be checked
• Zyxel Content Filtering for USG/ZyWALL covers the world’s largest URL
database and keeps updated

18. 1818
Zyxel Anti-Virus security subscription is a gateway-level Anti-Virus technology targeting
known malware including viruses, Trojans, worms, spyware and rogue ware, Zyxel Anti-
Virus scans traffic on major protocols including HTTP, HTTPS, FTP, SMTP, and POP3.
Gateway-level Anti-Virus protection is first-line essential security for business networks to
guard against these threats.
Anti-Virus

19. 19
Anti-Virus Stops Malware-infected Files
• Enable anti-malware protection
• Files attached in the mails should be thoroughly scanned
• Zyxel Anti-Virus protects the users from Viruses, Worms, Trojans, and Malware
including protocols like SMTP and POP3
• Along with SSL Inspection, USG/ZyWALL can further deal with encrypted emails

20. 2020
Today’s networks are under attack from an ever-expanding array of threats - viruses,
malware, and other exploits. Hackers are increasingly adept at avoiding detection, and unlike
with automated threats like viruses, the goal of these intrusions is often the theft of specific
personal or financial information. For this reason, users need more reliable safeguards to
protect private data.
Zyxel IDP service helps enterprises achieve timely security against known and zero-day
attacks while fully safeguarding a network environment by providing anomaly traffic
detection and prevention. It guards against evasion intrusions by blocking well-known Trojan
horses and back door applications that can infiltrate your internal network. Deep packet
inspection is used for intrusion detection and prevention, web application protection, and
application control.
Guards your business from a wide range of attacks and suspicious activities – such as SQL injection,
DoS and malicious backdoor applications.
Intrusion Detection and Prevention (IDP)

21. 21
IDP Monitor Network Behaviors
• Put the threat intelligence on
• Abnormal behaviors should be monitored and detected
• Zyxel Intrusion Detection & Protection closely watch the network behaviors
and detect the attempting connections to the CC&C or backdoor program.

22. 22
PREVENT, not REACT

23. 23
Ransomware Prevention
Security Gateway Provides Comprehensive Protection
• To maximize your protection against malware, including Ransomware.
• To stop threat at different points of your next environment.

24. 24
Next Generation USG
 Anti-malware Protection (Anti-Virus)
 Web Security (Content Filter)
 Email Security (Anti-Spam)
 Intrusion Detection & Prevention (IDP)
 SSL Inspection
 Hybrid VPN (IPSec/SSL/L2TP over IPSec)
 Ultra-High Performance
 High-Availability
 Firewall/NAT
 BWM

25. 25
USG/ZyWALL UTM Service License

26. 2626